[X2Go-Commits] x2gobroker.git - statusflag (branch) updated: 0.0.0.5-13-g65db3d5

X2Go dev team git-admin at x2go.org
Tue Jun 4 21:09:49 CEST 2013


The branch, statusflag has been updated
       via  65db3d550c384ff0afbc0d9e97855ac1bf4bbea7 (commit)
      from  c6fbb4cf743a450b4a251bf39e86822662b17a73 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 etc/x2gobroker.conf               |   18 +++++++++---------
 x2gobroker/brokers/base_broker.py |   38 +++++++++++++++++++------------------
 x2gobroker/defaults.py            |    6 +++---
 3 files changed, 32 insertions(+), 30 deletions(-)

The diff of changes is:
diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index 70d0906..3e9ee23 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -50,20 +50,20 @@
 # profile mapping in LDAP
 
 
-# Allow unauthenticated connections? Then set check_credentials to false.
+# Allow unauthenticated connections? Then set check-credentials to false.
 #check-credentials = true
 
 # To secure server-client communication the client can start the communication
-# with a pre-set, agreed on authentication ID. Set the below value to 1 to make
-# use of this feature
-#use-authid = false
+# with a pre-set, agreed on authentication ID. Set the below value to true
+# to make the X2Go Session Broker require this feature
+#require-cookie-auth = false
 
-# X2Go supports two different auth ID modes (static and dynamic), for now set
-# the below value to true
-#use-static-authid = true
+# X2Go supports two different cookie authentication modes (static and dynamic).
+#use-static-cookie = false
 
-# Make up your own authid below...
-#authid = <aaaavveeeerrrrryyyyylooonnnnggggssttrrriiinnnggg>
+# Every server-client communication (between X2Go Client and broker) has to be
+# accompanied by this initial authentication cookie.
+#my-cookie = <aaaavveeeerrrrryyyyylooonnnnggggssttrrriiinnnggg>
 
 # X2Go Session Broker knows about two output formats: a text/html based output
 # and a text/json based output. The different outputs run under different URLs
diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py
index 2f9b6d2..c980119 100644
--- a/x2gobroker/brokers/base_broker.py
+++ b/x2gobroker/brokers/base_broker.py
@@ -66,7 +66,7 @@ class X2GoBroker(object):
         if config_defaults is None: config_defaults = x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS
         self.config = x2gobroker.config.X2GoBrokerConfigFile(config_files=self.config_file, defaults=config_defaults)
 
-        self._dynamic_authid_map = {}
+        self._dynamic_cookie_map = {}
         self._client_address = None
 
     def __del__(self):
@@ -687,7 +687,7 @@ class X2GoBroker(object):
         else:
             return []
 
-    def check_access(self, username='', password='', authid=None, ):
+    def check_access(self, username='', password='', cookie=None, ):
         """\
         Check if a given user with a given password may gain access to the
         X2Go session broker.
@@ -696,6 +696,8 @@ class X2GoBroker(object):
         @type username: C{unicode}
         @param password: a password that authenticates the user against the X2Go session broker
         @type password: C{unicode}
+        @param cookie: an extra (static or dynamic) authentication token
+        @type cookie: C{unicode}
 
         @return: returns C{True} if the authentication has been successful
         @rtype: C{bool}
@@ -717,46 +719,46 @@ class X2GoBroker(object):
 
         ### HANDLING OF DYNAMIC AUTHENTICATION ID HASHES
 
-        # using authid as extra security?
-        if self.config.get_value('global', 'use-authid'):
+        # using cookie authentication as extra security?
+        if self.config.get_value('global', 'require-cookie-authentication'):
 
-            if type(authid) is types.StringType:
-                authid = unicode(authid)
+            if type(cookie) is types.StringType:
+                cookie = unicode(cookie)
 
-            if self.config.get_value('global', 'use-static-authid'):
+            if self.config.get_value('global', 'use-static-cookie'):
 
                 # evaluate access based on static authentication ID feature
-                access = access and ( authid == self.config.get_value('global', 'authid') )
+                access = access and ( cookie == self.config.get_value('global', 'my-cookie') )
 
             else:
 
                 # evaluate access based on dynamic authentication ID feature
-                if self._dynamic_authid_map.has_key(username):
-                    access = access and ( authid == self._dynamic_authid_map[username] )
+                if self._dynamic_cookie_map.has_key(username):
+                    access = access and ( cookie == self._dynamic_cookie_map[username] )
                     if access:
-                        self._dynamic_authid_map[username] = uuid.uuid5(namespace=authid, name=username)
+                        self._dynamic_cookie_map[username] = uuid.uuid5(namespace=cookie, name=username)
 
                 else:
-                    access = access and ( authid == self.config.get_value('global', 'authid') )
+                    access = access and ( cookie == self.config.get_value('global', 'my-cookie') )
                     if access:
                         # generate a first uuid, initialize the dynamic authencation ID security feature
-                        self._dynamic_authid_map[username] = uuid.uuid4()
+                        self._dynamic_cookie_map[username] = uuid.uuid4()
 
         return access
 
-    def get_next_authid(self, username):
+    def get_next_cookie(self, username):
         """\
-        Get the next expected authentication ID for the given user name.
+        Get the next expected authentication cookie for the given user name.
 
-        @param username: query next auth ID for this user
+        @param username: query next authentication cookie for this user
         @type username: C{unicode}
 
-        @return: returns next authentication ID for the given username, None if no auth ID has been generated, yet.
+        @return: returns next authentication cookie for the given username, None if no cookie has been generated, yet
         @rtype: C{unicode} or C{None}
 
         """
         try:
-            return self._dynamic_authid_map[username]
+            return self._dynamic_cookie_map[username]
         except KeyError:
             return None
 
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index 8274e71..4e52156 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -114,9 +114,9 @@ X2GOBROKER_CONFIG_DEFAULTS = {
     'global': {
         u'backend': u'zeroconf',
         u'check-credentials': True,
-        u'use-authid': False,
-        u'use-static-authid': True,
-        u'authid': uuid.uuid4(),
+        u'require-cookie-auth': False,
+        u'use-static-cookie': False,
+        u'my-cookie': uuid.uuid4(),
         u'enable-plain-output': True,
         u'enable-json-output': False,
         u'enable-html-output':  False,


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).




More information about the x2go-commits mailing list